2f1c7ba75e823b1cdcd6115c5504dcad6c2eab0f |
|
14-Apr-2017 |
Dan Cashman <dcashman@google.com> |
Remove vndservice_manager object classes. vndservicemanager is a copy of servicemanager, and so has the exact same properties. This should be reflected in the sharing of an object manager in SELinux policy, rather than creating a second one, which is effectively an attempt at namespacing based on object rather than type labels. hwservicemanager, however, provides different and additional functionality that may be reflected in changed permissions, though they currently map to the existing servicemanager permissions. Keep the new hwservice_manager object manager but remove the vndservice_manager one. Bug: 34454312 Bug: 36052864 Test: policy builds and device boots. Change-Id: I9e0c2757be4026101e32ba780f1fa67130cfa14e
/system/sepolicy/private/access_vectors
|
a0c7f01299c41157d123da0792fbf9ce2a26f9d3 |
|
11-Apr-2017 |
Shawn Willden <swillden@google.com> |
Add keystore_key:attest_unique_id to priv_app. Only privileged apps are supposed to be able to get unique IDs from attestation. Test: CTS test verifies the negative condition, manual the positive Bug: 34671471 Change-Id: I9ab3f71b1e11ed1d7866ff933feece73152d2578
/system/sepolicy/private/access_vectors
|
bc6d88d2da12aa9cf43442d928f296c573a345b3 |
|
06-Apr-2017 |
Martijn Coenen <maco@google.com> |
Add new classes and types for (hw|vnd)servicemanager. Bug: 34454312 Bug: 36052864 Test: device boots, works Change-Id: If61d9b736a74c5944cef4449de4dfbaf78d9ccfa
/system/sepolicy/private/access_vectors
|
4921085d9c7a188596914de415b3d2346ac44fda |
|
06-Feb-2017 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove obsolete netlink_firewall_socket and netlink_ip6fw_socket classes. The implementation for NETLINK_FIREWALL and NETLINK_IP6_FW protocols was removed from the kernel in commit d16cf20e2f2f13411eece7f7fb72c17d141c4a84 ("netfilter: remove ip_queue support") circa Linux 3.5. Unless we need to retain compatibility for kernels < 3.5, we can drop these classes from the policy altogether. Possibly the neverallow rule in app.te should be augmented to include the newer netlink security classes, similar to webview_zygote, but that can be a separate change. Test: policy builds Change-Id: Iab9389eb59c96772e5fa87c71d0afc86fe99bb6b Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/system/sepolicy/private/access_vectors
|
431bdd9f2f344ecde4cd3fe0109bd70eab0a394c |
|
08-Dec-2016 |
Stephen Smalley <sds@tycho.nsa.gov> |
Define extended_socket_class policy capability and socket classes Add a definition for the extended_socket_class policy capability used to enable the use of separate socket security classes for all network address families rather than the generic socket class. The capability also enables the use of separate security classes for ICMP and SCTP sockets, which were previously mapped to rawip_socket class. Add definitions for the new socket classes and access vectors enabled by this capability. Add the new socket classes to the socket_class_set macro, and exclude them from webview_zygote domain as with other socket classes. Allowing access by specific domains to the new socket security classes is left to future commits. Domains previously allowed permissions to the 'socket' class will require permission to the more specific socket class when running on kernels with this support. The kernel support will be included upstream in Linux 4.11. The relevant kernel commits are da69a5306ab92e07224da54aafee8b1dccf024f6 ("selinux: support distinctions among all network address families"), ef37979a2cfa3905adbf0c2a681ce16c0aaea92d ("selinux: handle ICMPv6 consistently with ICMP"), and b4ba35c75a0671a06b978b6386b54148efddf39f ("selinux: drop unused socket security classes"). This change requires selinux userspace commit d479baa82d67c9ac56c1a6fa041abfb9168aa4b3 ("libsepol: Define extended_socket_class policy capability") in order to build the policy with this capability enabled. This commit is already in AOSP master. Test: policy builds Change-Id: I788b4be9f0ec0bf2356c0bbef101cd42a1af49bb Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/system/sepolicy/private/access_vectors
|
8a003607064804307201d0738e1e284442f9826b |
|
27-Apr-2016 |
Stephen Smalley <sds@tycho.nsa.gov> |
Define the user namespace capability classes and access vectors. Kernel commit 8e4ff6f228e4722cac74db716e308d1da33d744f (selinux: distinguish non-init user namespace capability checks) introduced support for distinguishing capability checks against a target associated with the init user namespace versus capability checks against a target associated with a non-init user namespace by defining and using separate security classes for the latter. This support is needed on Linux to support e.g. Chrome usage of user namespaces for the Chrome sandbox without needing to allow Chrome to also exercise capabilities on targets in the init user namespace. Define the new security classes and access vectors for the Android policy. Refactor the original capability and capability2 access vector definitions as common declarations to allow reuse by the new cap_userns and cap2_userns classes. This change does not allow use of the new classes by any domain; that is deferred to future changes as needed if/when Android enables user namespaces and the Android version of Chrome starts using them. The kernel support went upstream in Linux 4.7. Based on the corresponding refpolicy patch by Chris PeBenito, but reworked for the Android policy. Test: policy builds Change-Id: I71103d39e93ee0e8c24816fca762944d047c2235 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/system/sepolicy/private/access_vectors
|
cb3eb4eef9733bbde2951a2a774392d0c8acc9fe |
|
19-Oct-2016 |
Josh Gao <jmgao@google.com> |
Introduce crash_dump debugging helper. Replace the global debuggerd with a per-process debugging helper that gets exec'ed by the process that crashed. Bug: http://b/30705528 Test: crasher/crasher64, `debuggerd <pid>`, `kill -ABRT <pid>` Change-Id: Iad1b7478f7a4e2690720db4b066417d8b66834ed
/system/sepolicy/private/access_vectors
|
11dc03e5a2c65c4f3ca9a5b6fd0eb688447433bd |
|
21-Nov-2016 |
Nick Kralevich <nnk@google.com> |
access_vectors: Remove unused permission definitions Description stolen from https://github.com/torvalds/linux/commit/42a9699a9fa179c0054ea3cf5ad3cc67104a6162 Remove unused permission definitions from SELinux. Many of these were only ever used in pre-mainline versions of SELinux, prior to Linux 2.6.0. Some of them were used in the legacy network or compat_net=1 checks that were disabled by default in Linux 2.6.18 and fully removed in Linux 2.6.30. Permissions never used in mainline Linux: file swapon filesystem transition tcp_socket { connectto newconn acceptfrom } node enforce_dest unix_stream_socket { newconn acceptfrom } Legacy network checks, removed in 2.6.30: socket { recv_msg send_msg } node { tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send dccp_recv dccp_send } netif { tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send dccp_recv dccp_send } Test: policy compiles and no boot errors (marlin) Change-Id: Idaef2567666f80db39c3e3cee70e760e1dac73ec
/system/sepolicy/private/access_vectors
|
cc39f637734a8d84bc861b649bfd109290c06401 |
|
22-Jul-2016 |
dcashman <dcashman@google.com> |
Split general policy into public and private components. Divide policy into public and private components. This is the first step in splitting the policy creation for platform and non-platform policies. The policy in the public directory will be exported for use in non-platform policy creation. Backwards compatibility with it will be achieved by converting the exported policy into attribute-based policy when included as part of the non-platform policy and a mapping file will be maintained to be included with the platform policy that maps exported attributes of previous versions to the current platform version. Eventually we would like to create a clear interface between the platform and non-platform device components so that the exported policy, and the need for attributes is minimal. For now, almost all types and avrules are left in public. Test: Tested by building policy and running on device. Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c
/system/sepolicy/private/access_vectors
|